DSS ITSEC 2016: CYBER, CONNECTED THINGS AND INSECURITY

THE LARGEST CYBER SECURITY EVENT IN BALTICS

OCTOBER 27, RIGA, LATVIA

Topics

The conference is about cyber security only. The event annually covers a broad set of topics, including current and future trends in cyber threats, modern market developments and strategies. It discusses and introduces the newest laws and regulations, international compliance standards and cooperation, as well as technological solutions for Cloud, Data, Mobility, Network, Application, Endpoint, Identity & Access, and Security Governance.

Live Video Stream

In the 21st century, travelling isn’t always necessary to get access to information. You can watch LIVE video content exploring all 9+ parallel sessions on our YouTube channel or via our media partners like LMT Straume and various internet portals. In 2015 there were thousands of online live video stream viewers from all over the world.

Expo & Workshops

The DSS ITSEC 2016 expo area typically provides at least 40+ expo stands with selected innovative technologies, where on-site visitors can meet with industry professionals, learn, workshop, address the most important topics and receive advice from industry experts from all over the world. The conference and expo are about sharing knowledge, experience and contacts via business networking.

Delegates & Guests

Besides international cyber security star speakers, the event annually brings together on-site more than 700 high-level ICT professionals from local, regional, and international businesses, governments and government agencies, tech communities, national and public sectors. If you are a CEO, CFO, CSO, CISO, CIO, legal or audit officer, or are responsible for business & IT risks / compliance, or administer systems or develop apps, this event is a must-attend for you.

Speakers

This year's featured speakers.

Jaya Baloo
CISO of KPN Telecom

Lars Hilse
CEO at Lars Hilse Digital Strategy Consultants

Paul Fremantle
Researcher at University of Portsmouth

Phil Zimmermann
Co-Founder & Chief Scientist at Silent Circle

Richard Stiennon
Chief Strategy Officer at Blancco Technology Group

Steve Purser
Head of Core Operations Department at European Union Agency for Network and Information Security

Tarun Samtani
Group Cyber Security Advisor at Findel Plc.

Thea Sogenbits
Head of IT and Telecommunication Department at Tallinn Polytechnic School

Agenda

IBM Watson and the Cognitive Computing era

Do you know Watson and what it brings to modern businesses? Peter Hedges, Senior Advisor, Cognitive Business will talk about how IBM Watson’s capabilities can help clients overcome market challenges and pursue opportunities the new cognitive era presents. Get inspired by catching customer use cases and an outlook to the future.

Ziedoņa venue - (09:10 - 09:50)

EU cybersecurity reality check overview

Ziedoņa venue - (09:50 - 10:30)

Future of the digital market and internet

Ziedoņa venue - (10:30 - 11:10)

Helpful hackers

‘Hospital leaks patient records’, ‘Public transport smartcard has more holes than a sieve’, ‘Mobile banking app unsafe’ – it seems that everything can be hacked these days. Fortunately, the person who discovers a flaw is not necessarily a cybercriminal but is often someone who wants to help improve cyber security. He or she immediately contacts the system owner so that the problem can be solved. A well-coordinated approach allows everyone to learn from the exercise we call ‘responsible disclosure’.
The Netherlands is a world leader in responsible disclosure. The Dutch like to resolve conflicts through a process of general consultation: the famous ‘polder model’. This seems a particularly appropriate approach in the realm of IT and cyber security, since there is no central authority with overall responsibility but many diverse players, each responsible for their own tiny part of a vast and complex system.
For the last four years, researcher Chris van ’t Hof has been collecting stories from the hackers, system owners, IT specialists, managers, journalists, politicians and lawyers who have been key players in a number of prominent disclosures. His book “Helpful Hackers.” (2016) offers a glimpse into the mysterious world of cyber security, revealing how hackers can help us all.

Venue DAUGAVA - (11:30 - 12:00)

DLP: Data Loss Prevention

A) What is DLP and why should you have it?
B) Building a strategy for DLP
C) Key takeaways

Venue 4 - (11:30 - 12:00)

Hacker vs Tool

Use of Which When Where
Learn to implement security controls throughout all areas of your software development life cycle, and examine the types of security tools and services that are best used at each phase of development. This vendor agnostic talk will discuss the strengths and weaknesses of each type of offering whether you are developing one application or managing thousands.

Venue 5 - (11:30 - 12:00)

Perspectives on research and development in cyber security in Europe

The rapidly increasing number of digital personal devices and the increasing connectivity, as well as emerging technologies and application areas such as the Internet of Things, increase our dependence on ICT. On the other hand, new cyber threats and vulnerabilities appear, with increased impact on critical infrastructures and societal functions. This landscape bears significant risks not only to the economy and society, but also to national digital sovereignty and autonomy. Additionally, at the EU level there is a need to support the vision of the Digital Single Market and to develop the European cybersecurity market and industry. In response to these needs, European industry has submitted its view, which describes objectives to be pursued as well as priority technical areas for action in cybersecurity. The European research community has also come up with a strategic research agenda describing cybersecurity research priority areas. The European Commission and the European Cyber Security Organization recently launched the cyber Public Private Partnership (cPPP) initiative to support all types of initiatives or projects that aim to develop, promote, or encourage European cybersecurity. In this talk, the above agendas will be discussed with an eye towards identifying prospective cybersecurity research and innovation areas.

Venue 6 - (11:30 - 12:00)

Wargaming Cyber Attacks

This presentation will explore and analyse particular aspects regarding the application of traditional board-based wargaming to cyber attacks. The presentation will outline some general benefits and drawbacks of wargaming, elucidate specific difficulties of wargaming the cyber domain, evaluate previous attempts in this field, and finally expound some original games created by the author.

Venue 7 - (11:30 - 12:00)

IoT Security 2016 - Market Analysis Perspective

IDC provides an update to the IoT security products market outlook. The presentation highlights key considerations for technology suppliers in this burgeoning and complex market, as well as some of the drivers and inhibitors to growth. This 2016 update includes:
• Industry and market overview
• Buyer perspective
• Future view of the market
• Advice for the technology provider

Glass mountain hall - (11:30 - 12:00)

Everything is quantum!

Overview of the future of cryptography & quantum technologies.

Ziedoņa venue - (11:30 - 12:00)

Understand and Protect Data in the Era of Cloud Computing

Do you know where your data is? Who is accessing it? How sensitive it is? Can you measure your risk?
Come and hear how Microsoft approaches information protection and learn how you can leverage this to have a better and more efficient data protection program.

Glass mountain hall - (12:00 - 12:30)

How dumb can a smart device be?

A look at Internet of Things devices and how basic vulnerabilities in them can lead to compromise of your data and even theft of your car. The presentation will include live demos of some of the vulnerabilities we have discovered in our journey to hack IoT devices and what manufacturers of these devices can do to fix them.

Venue 5 - (12:00 - 12:30)

DDoS – Fairy Tales and Reality

This talk will try to analyse what media stories about DDoS really mean: what is merely frightening and what is really dangerous.

Venue 7 - (12:00 - 12:30)

The Day of the Urban Person

A presentation about the exponential evolution of technologies and how dependent we are on them. During the presentation, an example of the consequences of personal data theft will be given, and it will be outlined why it’s so important to maintain Internet hygiene.

Venue 9 - (12:00 - 12:30)

IT Security Challenges in CEE Region

With the compliance deadline for EU GDPR set for May 25, 2018, organizations can no longer delay in preparing to comply with the new law’s stringent data privacy requirements. Amongst its many requirements, the EU GDPR requires organizations to appoint a Data Protection Officer. But there is very little guidance provided on the qualifications and skills that will make this role a success in organizations. In this session, Richard Stiennon, a renowned cyber security expert and Chief Strategy Officer for Blancco Technology Group, will help organizations find the right fit for this role, show them how to set responsibilities and performance metrics and more.

Ziedoņa venue - (12:00 - 12:30)

When your firewall turns against you

This talk will demonstrate how attackers can compromise a company’s network via their firewall system. It’s a common misbelief that security tools are always secure. The aim of this talk is to show the audience the difference between a secure product and a security product. First we discuss how we can remotely detect and identify the firewall system within the target internal network. After that we start a brute-force attack from the internet via the victim’s browser against the internal firewall. We will show how an attacker can bypass the different CSRF protections in use to trigger actions on the firewall system. Finally, we are going to exploit a memory corruption bug (a type confusion bug which leads to a use-after-free vulnerability) in the PHP binary on the firewall to spawn a reverse root shell.

Venue 5 - (12:30 - 13:00)

Keynote Presentation on Cryptography in Enterprise

Cybersecurity defenses are losing badly to the attackers. Crypto is one of the few areas in cybersecurity where the defense has an advantage, and yet governments are putting pressure on cybersecurity vendors to weaken their crypto. The recent confrontation between Apple and the FBI illustrates the need to design products that can stand up to this.
Phil will talk about product design in a pervasive surveillance environment.

Ziedoņa venue - (12:30 - 13:00)

Panel Discussion

Ziedoņa venue - (13:00 - 13:30)

Lunch, expo area, business networking

Ziedoņa venue - (13:00 - 14:00)

Responsible disclosure process - Latvian approach

Venue DAUGAVA - (14:00 - 14:30)

Your Thing is Pwned - security challenges for IoT

The Internet of Things is creating a virtually infinite attack surface. When you buy a device you don't know what information it is sharing, and it is hard to trust Internet companies not to be hacked. The result is that privacy is almost impossible in the world of IoT. I'll look at the challenges and some of the solutions.

Ziedoņa venue - (14:00 - 14:30)

Cryptography and you

Strong cryptography is no longer just for mathematicians or military communications. Every person in the world now uses strong cryptography in their day to day lives, whether they know it or not. In this talk I’ll unpack some of the most common uses of modern cryptography, and explain why cryptography is an essential tool for modern businesses and modern life. Despite its newfound popularity, there are still tradeoffs to consider when using cryptographic technologies. I'll explore how various organizations are thinking about the balance between the security and privacy benefits of strong encryption and other business needs.

Security teams face an onslaught of serious challenges as security threats and fraudulent activities continue to grow in sophistication and volume. With the emergence of the cognitive era, IBM Security is revolutionising the way security analysts work using Watson for Cyber Security to gain powerful insights, leverage threat research, and drive better outcomes through a trusted advisor enabling better human decision-making. Cognitive security will help to bridge the current skills gap, accelerate responses and reduce the cost and complexity of dealing with cybercrime.

Ziedoņa venue - (14:30 - 15:00)

Cyber Security in a Satellite World

The satellite industry is committed to providing secure, trustworthy connectivity to customers around the world. The Global VSAT Forum has spearheaded an industry-wide collaboration with VSAT equipment vendors and service providers to identify best practices to address today's cyber security threats, and lay a foundation for meeting the threats of tomorrow.
The GVF has commissioned a Cyber Security Task Force that comprises security experts and representatives from across the satellite industry.
The Task Force is working with stakeholders throughout the communications eco-system to promote enhanced cyber-security. An update will be provided on the Task Force's progress and next steps to help reinforce against cyber attacks.

Glass mountain hall - (15:00 - 15:30)

Fixing transport security

It’s been a tough couple years for crypto protocols. Almost every month a new vulnerability in TLS is announced that causes panic and distress to the security and IT communities. In this talk I’ll explain the latest set of cryptographic vulnerabilities in an accessible manner. By the end of the talk you’ll hopefully know the difference between FREAK, LogJam, DROWN, Sweet32, POODLE and SLOTH. We’ll be breaking good crypto and bad with side-channels, signing oracles and downgrades. I’ll also explain how the latest changes to TLS are supposed to fix things and how the entire house of cards may topple once quantum computers arrive.

Venue 6 - (15:00 - 15:30)

Shutting down ransomware business model across the kill chain

• Understand the business model behind ransomware and why it is so profitable
• Are you a target?
• See step by step how ransomware works – and opportunities for disruption
• Learn what type of a defense is best-suited to protect against ransomware attacks

Ziedoņa venue - (15:00 - 15:30)

Coffee break

Ziedoņa venue - (15:30 - 15:50)

Passwords are dead - Behavior is the new authentication

Most of today’s data breaches that make headlines are caused by malicious insiders. This could be a disgruntled employee with an axe to grind, or those in it for financial gain. Insider misuse, such as hijacked accounts, cannot be spotted by existing control-based security tools, and as such a different approach is required. We have reached a phase when IT security professionals not only need to defend the corporate network from outside attacks, but also from their own users – without placing constraints on the business. Challenge accepted! This talk will inform the audience how to find the right balance between IT security and business flexibility from a technological point of view.

Ziedoņa venue - (15:50 - 16:20)

Building a Security culture

- Why do you need a Security Culture
- How to get the buy-in
- Design the Security culture strategy
- Q & A

Glass mountain hall - (16:20 - 16:50)

Ethical Hacker in Real Action

Venue 5 - (16:20 - 16:50)

Strategic trends in Cybersecurity - and security

Cybersecurity is primarily a strategic issue in today's societies and businesses. Or should we just say and think security, since cybersecurity must be understood as an integral part of security? It is very important - in order to succeed - to understand what security is in 2016 and what the future of strategic security looks like - and what kind of solutions are needed.